Newbie here... I'm working on a password reset form so I'm only passing an email in my POST form. I'm getting a Missing credentials error msg and I'm not even getting to the strategy I made for this feature so I'm not getting to query against UserModel. What could be causing this error?
My code is as follows:
password_reset_request.html:
<div class="modal fade" id="passwordresetrequest-modal" tabindex="-1" role="dialog" aria-labelledby="passwordresetrequestLabel" aria-hidden="true" style="display: none;">
<div class="modal-dialog">
<div class="signup-modal-container">
<form class="form-signin" action="/password_reset_request" id="password_reset_request_form" method="post">
<h2 class="form-signin-heading">Request Password Reset for BIDS</h2>
<label for="email" class="sr-only">Email address</label>
<input type="email" name="email" id="email" class="form-control" placeholder="Email address" required="" autofocus="">
<button class="btn btn-lg btn-primary btn-block" name="reset_request" type="submit">Send Password Reset Email</button>
</form>
</div>
</div>
</div>
app.js:
var express = require("express");
var bodyParser = require("body-parser");
var passport = require("passport");
...
var app = express();
app.use(bodyParser.urlencoded({ extended: true }));
require("./config/passport")(passport);
...
index.js:
app.post("/password_reset_request", function(req, res, next) {
passport.authenticate("local-password-reset-request", function(err, user, info) {
// NOTE: I'm getting a "null" value for my "err" param.
// NOTE: the "info" param is where I'm getting my "message: 'Missing credentials'" message.
if (err) {
return next(err);
}
if (!user) {
req.flash("error", "Reset failed, no such email.");
return res.redirect("/");
}
})(req, res, next);
});
passport.js:
passport.use("local-password-reset-request", new LocalStrategy({
usernameField: "email",
passReqToCallback: true
}, function(req, username, done) {
new UserModel.User({ email: email }).fetch().then(function(user) {
// if no user is found, return the message
if (!user)
return done(null, false, req.flash("loginMessage", "No user found."));
var new_password = randomstring.generate({
length: 12,
charset: 'alphabetic'
});
user
.set('password', UserModel.generateHash(new_password))
.save()
.then(function() {
console.log('new_password: ' + new_password);
// Mailer.sendNewPasswordMail(
// user.get("email"),
// new_password,
// req.headers.host
// );
return done(null, user);
})
;
return done(null, user);
});
}));
Turns out when I use LocalStrategy I need to provide both a usernameField AND a passwordField. Since I'm not actually using that passwordField value I pass any non-blank value and simply ignore it.
Related
I'm implementing a password reset following a tutorial but running into a problem. My req.body.email is coming back undefined. I have body-parser installed and my other routes are running perfectly.
Here is my code summary:
var express = require('express');
var router = express.Router({ mergeParams: true });
var Kids = require('../models/kid');
var User = require('../models/user');
var async = require('async');
var nodemailer = require('nodemailer');
var crypto = require('crypto');
var middleware = require('../middleware');
router.post('/password_reset', function(req, res, next) {
function(token, done) {
User.findOne({ email: req.body.email }, function(err, user) {
console.log(req.body.email); <====== Returning and undefined
console.log(user); <====== Returning as null
if (!user) {
req.flash('error', 'No account with that email address exists.');
return res.redirect('/password_reset');
}
user.resetPasswordToken = token;
user.resetPasswordExpires = Date.now() + 3600000; // 1 hour
user.save(function(err) {
done(err, token, user);
});
});
}
});
and my form
<form action="/password_reset" method="POST" >
<div class="form-group">
<label for="exampleInputEmail1">Enter your email address</label>
<input type="email" class="form-control" id="email" aria-describedby="emailHelp" placeholder="Enter email" required>
</div>
<button type="submit" class="btn btn-warning">Submit</button>
</form>
You have two problems:
You aren't submitting any data
Your <input> has no name attribute, so it can't be a successful control.
If you want req.body.email to have data in it then you need to say name="email".
Related to this, you said <label for="exampleInputEmail1"> but id="email". The for attribute needs to match the id of the element it is labelling. Then aria-describedby="emailHelp" needs to match the ID of the element that is labelling the current element … and isn't needed when you have a real <label>.
You aren't parsing the submitted data
See the documentation for req.body:
Contains key-value pairs of data submitted in the request body. By default, it is undefined, and is populated when you use body-parsing middleware such as express.json() or express.urlencoded().
You haven't used any body-parsing middleware.
Your form is submitting urlencoded data (the default) so use express.urlencoded():
router.use(express.urlencoded())
It's my first time implementing passport strategies (using this tutorial https://scotch.io/tutorials/easy-node-authentication-setup-and-local) and I think I made a small mistake that cause a weird problem. First time login with email and password, no problem (db connected, user login successful) second time with same email and password I get rangeError: Invalid status code: 1 and crash nodemon.
I tried to find more info on this error but there really isn't any out there. I did come across someone else with similiar issue but no one answered his question since October. Anyone care to take a crack at this?
routes.js
app.post('/login', passport.authenticate('local'), function (req, res {
console.log("passport user" + req.user);
res.status(200).json({
user: req.user
});
});
app.get('/user/auth', auth.isAuthenticated, function (req, res) {
if (req.user) {
res.status(200).json({
user: req.user
});
} else {
res.sendStatus(401);
}
});
app.post("/api/user", function (req, res) {
const user = req.body;
console.log(user);
User.findOne({ 'local.email': user.email },
function (err, result) {
if (err) {
console.log(err);
handleError(err, res);
return;
}
if (result) {
res.status(500).send("Email already exists in database");
} else {
var newUser = new User();
newUser.local.password = createHash(user.password);
newUser.local.email = user.email;
newUser.local.name = user.name;
newUser.local.mobile = user.mobile;
newUser.save(function (err, result) {
res.status(201).send("User added to database");
});
}
});
});
auth.js
passport.use(new LocalStrategy({ // redefine the field names the strategy (passport-local) expects
usernameField: 'username',
passwordField: 'password',
passReqToCallback : true
}, function(req, email, password, done) {
// asynchronous
// User.findOne wont fire unless data is sent back
process.nextTick(function() {
// find a user whose email is the same as the forms email
// we are checking to see if the user trying to login already exists
User.findOne({ 'local.email' : email }, function(err, user) {
// if there are any errors, return the error
if (err)
return done(err);
// check to see if theres already a user with that email
if (user) {
return done(null, false, req.flash('signupMessage', 'That email is already taken.'));
} else {
// if there is no user with that email
// create the user
var newUser= new User();
// set the user's local credentials
newUser.local.email= email;
newUser.local.password = newUser.generateHash(password);
// save the user
newUser.save(function(err) {
if (err)
throw err;
return done(null, newUser);
});
}
});
});
}
var isAuthenticated = function(req, res, next) {
//console.log("isAuthenticated(): ", req.user);
if (req.isAuthenticated()) {
next(); //good moves to the next one
}
else {
res.sendStatus(401);
}
}
return {
isAuthenticated: isAuthenticated,
}
};
user.js
var mongoose = require('mongoose');
var bcrypt = require('bcrypt-nodejs');
// define the schema for our user model
var userSchema = mongoose.Schema({
local: {
id: String,
email: String,
password: String,
name: String,
mobile: String
},
google: {
id: String,
token: String,
email: String,
name: String
}
});
// methods ======================
// generating a hash
userSchema.methods.generateHash = function(password) {
return bcrypt.hashSync(password, bcrypt.genSaltSync(8), null);
};
// checking if password is valid
userSchema.methods.validPassword = function(password) {
return bcrypt.compareSync(password, this.local.password);
};
// create the model for users and expose it to our app
module.exports = mongoose.model('User', userSchema);
html
<div class="panel panel-default">
<div class="panel-body">
<form name='loginForm' ng-submit='ctrl.login()' novalidate>
<div class="form-group">
<input class="form-control" type="text" name="username" placeholder="EMAIL" id="username" ng-model='ctrl.user.username'></div>
<div class="form-group">
<input class="form-control" type="password" name="password" placeholder="PASSWORD" id="password" ng-model='ctrl.user.password'></div>
<div class="form-group">
<input id="submit" name="submit" type="submit" class="btn btn-full btn-block" value="Log In"></div>
I have some problems to get a login for my webpage.
I have a user in my DB with email: peru#hotmail.com and pass 123.
the problem is that when I make the POST method it returns me the next error:
*Cannot POST /login*
this is my app.js:
var mongoose = require('mongoose');
var express = require('express');
var app=express();
var bodyParser = require('body-parser');
mongoose.connect("mongodb://localhost/myDB");
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({extended: true}));
var userSchema = {
email:String,
pass:String
};
var Usuario = mongoose.model("Usuario",userSchema);
app.use(express.static("public"));
app.get("/",function(solicitud,respuesta){
respuesta.sendFile('.../prueba.html');
});
app.post("/login",function(require,respuesta){
var email = require.body.email;
var pass = require.body.pass;
console.log("post received: %s %s", email, pass);
User.findOne({email: email, pass: pass}, function(err,user){
if(err){
console.log(err);
}
respuesta.sendFile('.../work.html');
});
});
app.listen(3000);
and now this is my prueba.html:
<html>
<head>
<title></title>
</head>
<body>
<!--div class="col-md-5 center-block no float top-pace text-left"-->
<form method="post" action="/login" >
<input type="text" name="email">
<input type="text" name="pass" >
<button type="submit" >login </button>
</form>
</body>
</html>
You created model as Usuario and using User in your POST request, try changing it to Usuario, as follows:
app.post("/login",function(require,respuesta){
var email = require.body.email;
var pass = require.body.pass;
console.log("post received: %s %s", email, pass);
Usuario.findOne({email: email, pass: pass}, function(err,user){
if(err){
console.log(err);
}
respuesta.sendFile('.../work.html');
});
});
I am trying to adapt some code taken from:
https://github.com/expressjs/express/blob/master/examples/auth/index.js
and incorporate into a login form. The issue is that when running the code and selecting the login button the following is logged in the console:
POST /login
Authenticating undefined:foobar
Authentication failed, please check your username and password. (use "tj" and "foobar")
I'm unsure as to why the user is being returned as undefined when I am inputting tj and foobar as the login and password.
HTML:
<div class="login">
<form method="post" action="/login">
<p><input type="text" name="login" value="" placeholder="Username"></p>
<p><input type="password" name="password" value="" placeholder="Password"></p>
<p class="remember_me">
<label>
<input type="checkbox" name="remember_me" id="remember_me">
Remember me on this computer
</label>
</p>
<p class="submit"><input type="submit" name="commit" value="Login"></p>
</form>
</div>
<div class="login-help">
<p>Forgot your password? Click here to reset it.</p>
</div>
JS:
/**
* Module dependencies.
*/
var express = require('express');
var hash = require('./pass').hash;
var bodyParser = require('body-parser');
var session = require('client-sessions');
var app = module.exports = express();
// dummy database
var users = {
tj: { name: 'tj' }
};
// when you create a user, generate a salt
// and hash the password ('foobar' is the pass here)
hash('foobar', function (err, salt, hash){
if (err) throw err;
// store the salt & hash in the "db"
users.tj.salt = salt;
users.tj.hash = hash;
});
// check if user is logged in, if not redirect them to the index
function requireLogin (req, res, next) {
if (!req.user) {
res.redirect('/');
} else {
next();
}
};
// Authenticate using our plain-object database
function authenticate(name, pass, fn) {
if (!module.parent) console.log('Authenticating %s:%s', name, pass);
var user = users[name];
// query the db for the given username
if (!user) return fn(new Error('cannot find user'));
// apply the same algorithm to the POSTed password, applying
// the hash against the pass / salt, if there is a match we
// found the user
hash(pass, user.salt, function(err, hash){
if (err) return fn(err);
if (hash == user.hash) return fn(null, user);
fn(new Error('invalid password'));
});
}
app.post('/login', function (req, res){
console.log("POST /login")
authenticate(req.body.username, req.body.password, function(err, user){
if (user) {
// Regenerate session when signing in
// to prevent fixation
req.session.regenerate(function(){
// Store the user's primary key
// in the session store to be retrieved,
// or in this case the entire user object
req.session.user = user;
/*req.session.success = 'Authenticated as ' + user.name
+ ' click to logout. '
+ ' You may now access /restricted.';*/
res.redirect('/queryInterface.html');
});
} else {
console.log('Authentication failed, please check your '
+ ' username and password.'
+ ' (use "tj" and "foobar")');
res.redirect('/');
}
});
});
You are seeing the user as undefined because you are using req.body to access an undefined input field.
You are authenticating with req.body.username, but your input field has the name login.
req.body is populated with the names of your input fields. Your input should look like this when trying to access the username by req.body.username.
<input type="text" name="username" value="" placeholder="Username">
I'm learning Node.js and all its functionalities and I'm using scotch's tutorial (https://scotch.io/tutorials/easy-node-authentication-setup-and-local), I built what he proposed and it was really good, but then I wanted to get more informations for user, like name and a special number called SIAPE as my user model code shows: user.js
var mongoose = require('mongoose');
var bcrypt = require('bcrypt-nodejs');
var userSchema = mongoose.Schema({
local : {
name : String,
email : String,
password : String,
siape : String
}
});
userSchema.methods.generateHash = function(password) {
return bcrypt.hashSync(password, bcrypt.genSaltSync(8),null);
};
userSchema.methods.validPassword = function(password) {
return bcrypt.compareSync(password, this.local.password);
};
module.exports = mongoose.model('User', userSchema);
And then set up my passport.js to update those thing to my mangodb database with mongoose, but it dosen't work and I dont know why.
// config/passport.js
// load all the things we need
var LocalStrategy = require('passport-local').Strategy;
// load up the user model
var User = require('../app/models/users');
// expose this function to our app using module.exports
module.exports = function(passport) {
// =========================================================================
// passport session setup ==================================================
// =========================================================================
// required for persistent login sessions
// passport needs ability to serialize and unserialize users out of session
// used to serialize the user for the session
passport.serializeUser(function(user, done) {
done(null, user.id);
});
// used to deserialize the user
passport.deserializeUser(function(id, done) {
User.findById(id, function(err, user) {
done(err, user);
});
});
// =========================================================================
// LOCAL SIGNUP ============================================================
// =========================================================================
// we are using named strategies since we have one for login and one for signup
// by default, if there was no name, it would just be called 'local'
passport.use('local-signup', new LocalStrategy({
// by default, local strategy uses username and password, we will override with email
usernameField : 'siape',
passwordField : 'password',
passReqToCallback : true // allows us to pass back the entire request to the callback
},
function(req, siape,password, email,name, done) {
// asynchronous
// User.findOne wont fire unless data is sent back
process.nextTick(function() {
console.log('USERNAME:' + name );
console.log('EMAIL:' + email );
console.log('PASSWORD:' + password );
console.log('SIAPE:' + siape );
console.log('DONE:' + done);
console.log('REQ:' + req);
// find a user whose email is the same as the forms email
// we are checking to see if the user trying to login already exists
User.findOne({ 'local.siape' : siape }, function(err, user) {
// if there are any errors, return the error
if (err)
return done(err);
// check to see if theres already a user with that email
if (user) {
return done(null, false, req.flash('signupMessage', 'Email já existe'));
} else {
// if there is no user with that Email
// create the user
var newUser = new User();
// set the user's local credentials
newUser.local.name = name;
newUser.local.email = email;
//newUser.local.password = newUser.generateHash(password);
newUser.local.password = password;
newUser.local.siape = siape;
// save the user
newUser.save(function(err) {
if (err)
throw err;
return done(null, newUser);
});
}
});
});
}));
passport.use('local-login', new LocalStrategy({
// by default, local strategy uses username and password, we will override with email
usernameField : 'email',
passwordField : 'password',
passReqToCallback : true // allows us to pass back the entire request to the callback
},
function(req, email, password, done) { // callback with email and password from our form
// find a user whose email is the same as the forms email
// we are checking to see if the user trying to login already exists
User.findOne({ 'local.email' : email }, function(err, user) {
// if there are any errors, return the error before anything else
if (err)
return done(err);
// if no user is found, return the message
if (!user)
return done(null, false, req.flash('loginMessage', 'No user found.')); // req.flash is the way to set flashdata using connect-flash
// if the user is found but the password is wrong
if (!user.validPassword(password))
return done(null, false, req.flash('loginMessage', 'Oops! Wrong password.')); // create the loginMessage and save it to session as flashdata
// all is well, return successful user
return done(null, user);
});
}));
};
Don't know if it helps, but I'll update also the html form:
<!-- views/signup.ejs -->
<!doctype html>
<html>
<head>
<title>Cadastro de professor</title>
<link rel="stylesheet" href="//netdna.bootstrapcdn.com/bootstrap/3.0.2/css/bootstrap.min.css"> <!-- load bootstrap css -->
<link rel="stylesheet" href="//netdna.bootstrapcdn.com/font-awesome/4.0.3/css/font-awesome.min.css"> <!-- load fontawesome -->
<style>
body { padding-top:80px; }
</style>
</head>
<body>
<div class="container">
<div class="col-sm-6 col-sm-offset-3">
<h1><span class="fa fa-sign-in"></span> Cadastro De Professor</h1>
<!-- show any messages that come back with authentication -->
<% if (message.length > 0) { %>
<div class="alert alert-danger"><%= message %></div>
<% } %>
<!-- LOGIN FORM -->
<form action="/signup" method="post">
<div class="form-group">
<label>Nome</label>
<input type="text" class="form-control" name="username">
</div>
<div class="form-group">
<label>Email</label>
<input type="text" class="form-control" name="email">
</div>
<div class="form-group">
<label>Senha</label>
<input type="password" class="form-control" name="password">
</div>
<div class="form-group">
<label>SIAPE</label>
<input type="text" class="form-control" name="siape">
</div>
<button type="submit" class="btn btn-warning btn-lg">Cadastrar Professor</button>
</form>
<hr>
<p>Professor ja cadastrado?? Entre</p>
<p>Ou volte.</p>
</div>
</div>
</body>
</html>
A lot of things are happening that I don't quite understand, for example, I've put a console.log to print all the information sent in the html form, and this was what was print:
USERNAME:undefined
EMAIL:function verified(err, user, info) {
if (err) { return self.error(err); }
if (!user) { return self.fail(info); }
self.success(user, info);
}
PASSWORD:senha
SIAPE:SIAPE
DONE:undefined
REQ:[object Object]
And for the last part, the error printed in my terminal server:
/home/aluno/28882/naest/AdmnistrationModule/node_modules/mongoose/lib/utils.js:413
throw err;
^
TypeError: undefined is not a function
at Promise.<anonymous> (/home/aluno/28882/naest/AdmnistrationModule/config/passport.js:83:31)
at Promise.<anonymous> (/home/aluno/28882/naest/AdmnistrationModule/node_modules/mongoose/node_modules/mpromise/lib/promise.js:177:8)
at Promise.emit (events.js:98:17)
at Promise.emit (/home/aluno/28882/naest/AdmnistrationModule/node_modules/mongoose/node_modules/mpromise/lib/promise.js:84:38)
at Promise.fulfill (/home/aluno/28882/naest/AdmnistrationModule/node_modules/mongoose/node_modules/mpromise/lib/promise.js:97:20)
at handleSave (/home/aluno/28882/naest/AdmnistrationModule/node_modules/mongoose/lib/model.js:133:13)
at /home/aluno/28882/naest/AdmnistrationModule/node_modules/mongoose/lib/utils.js:408:16
at /home/aluno/28882/naest/AdmnistrationModule/node_modules/mongoose/node_modules/mongodb/lib/mongodb/collection/core.js:128:9
at /home/aluno/28882/naest/AdmnistrationModule/node_modules/mongoose/node_modules/mongodb/lib/mongodb/db.js:1197:7
at /home/aluno/28882/naest/AdmnistrationModule/node_modules/mongoose/node_modules/mongodb/lib/mongodb/db.js:1905:9
at Server.Base._callHandler (/home/aluno/28882/naest/AdmnistrationModule/node_modules/mongoose/node_modules/mongodb/lib/mongodb/connection/base.js:453:41)
at /home/aluno/28882/naest/AdmnistrationModule/node_modules/mongoose/node_modules/mongodb/lib/mongodb/connection/server.js:488:18
at MongoReply.parseBody (/home/aluno/28882/naest/AdmnistrationModule/node_modules/mongoose/node_modules/mongodb/lib/mongodb/responses/mongo_reply.js:68:5)
at null.<anonymous> (/home/aluno/28882/naest/AdmnistrationModule/node_modules/mongoose/node_modules/mongodb/lib/mongodb/connection/server.js:446:20)
at emit (events.js:95:17)
at null.<anonymous> (/home/aluno/28882/naest/AdmnistrationModule/node_modules/mongoose/node_modules/mongodb/lib/mongodb/connection/connection_pool.js:207:13)
aluno#lab2208-pc32:~/28882/naest/AdmnistrationModule$ clear
Just solved my problem, the problem was that local-signup only accepts 2 parameters as default, username and password for authentication, other variable are to be catched using the "req.body" prefix. This link helped me a lot
Does passportjs LocalStrategy allow more parameters than the default username and password?